package SV_EXPOSE_STORE;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;

public class Example {
    private Collection users;
    public void setUsers(Collection users) throws AuthorizationException {
        for (Iterator iter = users.iterator(); iter.hasNext();) {
            String user = (String) iter.next();
            if (!authorized(user)) throw new AuthorizationException();

        }
        this.users = users;
    }

    private boolean authorized(String user) {
        return users.contains("admin");
    }

    // ...
    void maliciousUserCode() throws AuthorizationException {
        Collection myUsers = new ArrayList();
        myUsers.add("goodUser");
        setUsers(myUsers);
        myUsers.add("anotherUser");
    }
    public static class AuthorizationException extends Exception {
        public AuthorizationException() {
            super("User is not authorized.");
        }
    }
}
